Disclaimer: The opinion expressed here is not investment advice – it is provided for informational purposes only. It does not necessarily reflect the opinion of BitMaden. Every investment and all trading involves risk, so you should always perform your own research prior to making decisions. We do not recommend investing money you cannot afford to lose.

Android with Telegram Trojan, 4chan Hack, and Other Cybersecurity Events

4chan shut down servers after a major hack. Google introduced forced reboot for Android. Trojan for Chinese smartphones stole over $1.6 million in cryptocurrencies. Vulnerabilities found in several Bitcoin wallets. Google introduced forced reboot for Android In the latest update of Google Play services, a function of automatic reboot for Android devices appeared. It will complicate data extraction using modern forensic tools. When the phone is turned on, it goes into the Before First Unlock state, in which most user data remains encrypted. But after the first unlock, in the After First Unlock (AFU) state, they become available for extraction. Thanks to the new feature, the device will automatically reboot if it remains inactive for 72 hours. Trojan for Chinese smartphones stole over $1.6 million in cryptocurrencies Dr.Web researchers reported preinstalled trojanized applications in budget copies of premium Android smartphone models from Samsung and Huawei. Among the modified programs are messengers WhatsApp and Telegram, QR code scanners, and others. The Shibai malware intercepts the app update process and also searches chats for Ethereum or Tron crypto wallet addresses and replaces them with fraudulent ones. In addition, it scans saved images for the presence of seed phrases. The attackers use about 30 domains to distribute malware and more than 60 command servers. Over the past two years, the wallets of the scheme organizers received over $1.6 million. Vulnerabilities found in several Bitcoin wallets Coinspect researchers discovered critical vulnerabilities in browser wallets Stellar Freighter, Frontier Wallet, and Coin98 that allow assets to be stolen unnoticed. To connect to dapps, browser wallets inject code into every tab visited by the user, establishing a communication channel. It allows the app to recognize the wallet and request access to key functions such as viewing balance or initiating transaction approval requests. Messages are transmitted to the Background Script, which has access to the private key. The final interaction takes place in the wallet interface. Unlike long-term connections that create separate channels for different parts of the extension, this approach does not have such separation. An attacker can intentionally cause confusion by sending a message to a privileged API through a listener in the background script. Malicious requests imitate legitimate ones and may lead to the display of the seed phrase for backup purposes. Experts have passed details about the vulnerability to the developers of each of the three wallets. So far, all have made the necessary fixes. 4chan shut down servers after major hack On April 14, the online forum 4chan was subjected to a serious attack and suspended operation . Members of the imageboard Soyjak.party took responsibility for the incident. Screenshots of the administrator and staff control panels, as well as a list of emails presumably belonging to the platform’s leaders and moderators, were leaked online. As Bleeping Computer writes , potential interception of maintenance tools gives hackers access to the location and IP address of any user, the ability to restart any 4chan boards, and manage databases. Later the same day, the forum’s source code appeared on Kiwi Farms. The alleged hackers did not disclose the attack vector. According to the community, the cause could be the platform’s outdated PHP version from 2016. To minimize damage, administrators presumably shut down the servers. At the time of writing, the site is unavailable. Darknet forum account owners offered to sell them anonymously Swiss cybersecurity company Prodaft announced the purchase of accounts from darknet forums. They are interested in accounts on XSS, Exploit, RAMP4U, Verified, and BreachForums registered before December 2022. Owners are guaranteed payment in cryptocurrency, with a higher amount for moderator or administrator accounts. The account must not be on the list of the most wanted by any law enforcement agencies. Also, as part of the initiative, users can anonymously report cybercrimes committed by someone. The deal is conducted anonymously using secure communication channels. Subsequently, the obtained data without seller information will be transferred to law enforcement for use in HUMINT operations and infiltration of closed cybercriminal communities. Reddit fulfilled only a quarter of Russia’s content removal requests The American platform Reddit received 122 content removal requests from government agencies and law enforcement of various countries in the second half of 2024. In particular, Russia sent 15 unique requests, of which the social network satisfied only four (26%). According to the report, less than a third of the requested content (27%) actually violated platform rules. Geoblocking was not applied in any case. The largest number of requests (24) was sent by the UAE authorities. In addition, a total of 27 legal requests turned out to be fake, about which Reddit notified law enforcement agencies. CoinTurk News

---

Bitcoin: With 2,106 whale wallets and counting, BTC’s big buyers are back! What now?

Bitcoin`s market sentiment has shifted green for the first time with whale addresses hitting a YTD high. CoinTurk News